We live in a time of rapidly advancing technology. Interconnectivity has brought the world closer than it’s ever been before; however, it has also made our personal information far more vulnerable.
Passwords have long been seen as the cornerstone of online security. Whenever we indulge in internet shopping, or access work emails, or log in to our online banking, we’re protected by a network of passwords that are designed to keep our data safe.
But do passwords really bring peace of mind and security at a time when hackers have so many tools at their disposal that can force breaches?
In 2017, Centrify, a leading digital security organization, found that 81% of data breaches involved compromised credentials. According to Verizon’s Data Breach Investigations Report (DBIR), this represents an alarming increase over the past three years, from 50% to 60% to over four-fifths of breaches coming down to stolen or weak passwords. It is all the more alarming when you consider that a lot of passwords are repeated.
Safety not Guaranteed
The fundamental problem with passwords often has its roots in human error. Many organizations advise employees to change their codes repeatedly throughout the year and to keep hackers guessing by only opting for passwords that are longer than eight characters and include numbers and symbols.
This may seem like an obvious way of ensuring safety, but when people can expect to create dozens of password-restricted accounts online every year, the chances of them keeping on top of their passwords decrease.
Remembering such an unnatural combination of special characters and numbers within a long code is so difficult for some that they opt for simpler passwords instead. Fortune published a list of the world’s most common passwords of 2017, and coming in at first place was ‘123456’, with ‘Password’ a close second, overtaking ‘Password1’ in 2014, according to Statista.
Picking such generic passwords may look like asking for trouble, but the reality is that for many, the task of remembering elaborate phrases and character combinations is simply too difficult. When customers are prompted to create passwords that they feel they won’t remember, oftentimes the solution is to record their new password somewhere, sometimes in their phone and sometimes physically, for future reference – but this only increases the chances of the code falling into the wrong hands.
Time for an Alternative?
Biometrics has long been touted as a successor to the flawed password system, but with Jonathan LeBlanc, PayPal’s former Global Head of Developer Advocacy, already declaring the widespread fingerprint identification technology obsolete, there’s something of a race emerging between companies searching for an even more reliable way of protecting private information with the help of our bodies.
A Toronto-based startup, Nymi, has recently developed a wearable wristband that utilizes its user’s ‘unique cardiac signature’ as a form of identification, while PayPal itself has been working on developing ‘wearable computer tattoos’ that are capable of providing biometric confirmation of their wearer’s identity.
Another approach has been adopted by companies like Remme, which ditches passwords in favor of SSL certificates and integrated devices, coupled with blockchain technology, to keep sensitive information secure. Alex Momot, Co-Founder and CEO of Remme, explains: “The new process of logging in without passwords can be compared with the airport registration. You show your passport, and if there’s no record (negative record), you’re good to go.”
Because of the immutable power of blockchain, a business’s information can be kept safe with zero prospect of a brute-force attack manipulating or stealing the data stored.
Is the Future Passwordless?
Passwords have increasingly been the subject of compromises in recent years. A survey by Kaspersky Lab found that 59% of people fail to store their passwords securely, while 63% use ‘easy-to-guess’ codes that hackers can readily work out, and a further 39% select the same passwords for all of their accounts.
This evidence points towards frailty among password-protected systems on a stage as large as the World Wide Web. They may make for an effective way of keeping information protected in a closed-circuit, intranet-based system, but at this time of unprecedented interconnectivity, a more intricate way of ensuring security needs to be devised.
Fortunately, as the tools at the disposal of hackers develop, so too does the technology that can be utilized to keep our information safe.
Blockchain is designed to flummox even the most persistent of codebreakers, with its “untamperable” chain of information spread across a series of networks, while the reliability of biometric encryption has proven popular enough for leading banks to adopt it to provide enhanced security for mobile banking customers.
IBM estimates that the average cost for a UK company to remediate a data breach is around £2.5m. This, coupled with the collective fear of the effect a loss of data could have on a company’s image, necessitates change within the old-fashioned framework of online security. A wholesale overhaul of passwords as we’ve come to know them today will be inevitable if businesses are to guarantee protection for their customers and values.